Administrator's Manual 29.Implementing X.509 Authentication
Version 2.2.8 201 400HD Series IP Phones
29 Implementing X.509 Authentication
X.509 certificates can be used to authenticate a connection with a remote server or HTTP/S
client browser. The certificates may be implemented in one of or a combination of the
following SSL handshake negotiation scenarios:
The IP phone is a client who needs to authenticate the remote server e.g. provisioning
server to which it is attempting to connect.
In this case, the IP phone needs to load the certificate and Trusted CA used by the
remote server.
The remote server needs to authenticate the incoming connection request from the IP
phone client.
In this case, the remote server needs to load the certificate and Trusted CA used by the
IP phone.
The IP phone is a server who needs to authenticate an incoming connection request
from a remote HTTP client browser.
In this case, the IP phone needs to load the certificate and Trusted CA used by the
remote HTTP client browser.
The remote HTTP client browser needs to authenticate the IP phone to which it is
attempting to connect.
In this case, the remote HTTP client browser needs to load the certificate and Trusted
CA used by the IP phone.
The following types of certificates can be used to authenticate the connections described in
the above scenarios:
Factory-set Certificates (see Section 29.1):
Certificates that are loaded to the AudioCodes IP Phone using an AudioCodes
certificate and AudioCodes Trusted Root CA.
User-Generated Certificates (see Section 29.2):
Certificates that are generated by the user that may use the AudioCodes Tusted Root
CA or an external CA.
29.1 Factory-Set Certificates and AudioCodes Trusted
Root CA
AudioCodes IP phones are loaded with factory-set preinstalled certificate files: private key
file, certificate file and a Trusted Root CA file that is signed by AudioCodes.
Note:
• The Web interface provides visual indication that factory certificates are installed:
√ The System Information page displays 'MAC Address' and 'Device Certificate'
parameters.
√ The values for the 'Device Certificate' parameter can be Installed, Self-Signed, or
Not Installed.
• The phone's LCD visually indicates that factory certificates are installed.
√ The Release Information menu (MENU button > Status) displays the 'Device
Certificate' parameter.
√ The values of the 'Device Certificate' parameter can be Installed, Self-Signed, or
Not Installed.
To Next Page
Loading...
